pro to cole

Upload: mopo-popo

Post on 09-Apr-2018


  • 8/8/2019 Pro to Cole

    1/30

    packetlife.

    by Jeremy Stretch v

    BGP PART 1

    About BGP

    Type              Path Vector
    eBGP AD           20
    iBGP AD           200
    Standard          RFC 4271
    Protocols         IP
    Transport         TCP/179
    Authentication    MD5

    Attribute Types

    Well-known Mandatory        Must be supported and propagated
    Well-known Discretionary    Must be supported; propagation optional
    Optional Transitive         Marked as partial if unsupported by neighbor
    Optional Nontransitive      Deleted if unsupported by neighbor

    Attributes

    Name                               Type  Description
    Aggregator                         OT    ID and AS of router which performed summarization
    AS Path                            WM    List of autonomous systems which the advertisement has traversed
    Atomic Aggregate                   WD    Includes ASes which have been dropped due to route aggregation
    Cluster ID                         ON    Originating cluster
    Community                          OT    Route tag
    Local Preference                   WD    Metric for internal neighbors to reach external destinations (default 100)
    Multiple Exit Discriminator (MED)  ON    Metric for external neighbors to reach the local AS (default 0)
    Next Hop                           WM    External peer in neighboring AS
    Origin                             WM    Origin type (IGP, EGP, or unknown)
    Originator ID                      ON    Identifies a route reflector
    Weight                             O     Cisco proprietary, not communicated to peers (default 0)

    Path Selection

    #   Attribute         Description                                              Preference
    1   Weight            Administrative preference                                Highest
    2   Local Preference  Communicated between peers within an AS                  Highest
    3   Self-originated   Prefer paths originated locally                          True
    4   AS Path           Minimize AS hops                                         Shortest
    5   Origin            Prefer IGP-learned routes over EGP, and EGP over unknown IGP
    6   MED               Used externally to enter an AS                           Lowest
    7   External          Prefer eBGP routes over iBGP                             eBGP
    8   IGP Cost          Consider IGP metric                                      Lowest
    9   eBGP Peering      Favor more stable routes                                 Oldest
    10  Router ID         Tie breaker                                              Lowest

    Influencing Path Selection

    Weight            neighbor 172.16.0.1 weight 200
    MED               default-metric 400
    Local Preference  bgp default local-preference 100
    Route Map         neighbor 172.16.0.1 route-map Fo

    Terminology

    Autonomous System (AS)
    A logical domain under the control of a single entity

    External BGP (eBGP)
    BGP adjacencies which span autonomous system boundaries

    Internal BGP (iBGP)
    BGP adjacencies formed within a single autonomous system

    Synchronization Requirement
    A route must be known by an IGP before it may be advertised to BGP peers

    Packet Types

    Open
    Update
    Keepalive
    Notification

    Neighbor States

    Idle          Neighbor is not responding
    Active        Attempting to connect
    Connect       TCP session established
    Open Sent     Open message sent
    Open Confirm  Response received
    Established   Adjacency established

    Troubleshooting

    show ip bgp [summary]
    show ip bgp neighbors
    show ip route [bgp]
    clear ip bgp * [soft]
    debug ip bgp []


    BGP PART 2

    Configuration Example

    [Figure: topology. Router A (AS 65100) connects over S1/0 (172.16.0.0/30) and S1/1 (172.16.0.4/30) to the S1/0 interfaces of routers B and C (AS 65200). B and C connect over F0/0 (10.0.0.0/30) and run OSPF. Each router has a LAN on F2/0.]

    Router A

    interface Serial1/0
     description Backbone to B
     ip address 172.16.0.1 255.255.255.252
    !
    interface Serial1/1
     description Backbone to C
     ip address 172.16.0.5 255.255.255.252
    !
    interface FastEthernet2/0
     description LAN
     ip address 192.168.1.1 255.255.255.0
    !
    router bgp 65100
     no synchronization
     network 172.16.0.0 mask 255.255.255.252
     network 172.16.0.4 mask 255.255.255.252
     network 192.168.1.0
     neighbor South peer-group
     neighbor South remote-as 65200
     neighbor 172.16.0.2 peer-group South
     neighbor 172.16.0.6 peer-group South
     no auto-summary

    Router B

    interface FastEthernet0/0
     description Backbone to C
     ip address 10.0.0.1 255.255.255.252
    !
    interface Serial1/0
     description Backbone to A
     ip address 172.16.0.2 255.255.255.252
    !
    interface FastEthernet2/0
     description LAN
     ip address 192.168.2.1 255.255.255.0
    !
    router ospf 100
     network 10.0.0.1 0.0.0.0 area 0
     network 192.168.2.1 0.0.0.0 area 1
    !
    router bgp 65200
     no synchronization
     redistribute ospf 100 route-map LAN_Subnets
     neighbor 10.0.0.2 remote-as 65200
     neighbor 172.16.0.1 remote-as 65100
     no auto-summary
    !
    access-list 10 permit 192.168.0.0 0.0.255.255
    !
    route-map LAN_Subnets permit 10
     match ip address 10
     set metric 100

    Router C

    interface FastEthernet0/0
     description Backbone to B
     ip address 10.0.0.2 255.255.255.252
    !
    interface Serial1/0
     description Backbone to A
     ip address 172.16.0.6 255.255.255.252
    !
    interface FastEthernet2/0
     description LAN
     ip address 192.168.3.1 255.255.255.0
    !
    router ospf 100
     network 10.0.0.2 0.0.0.0 area 0
     network 192.168.3.1 0.0.0.0 area 2
    !
    router bgp 65200
     no synchronization
     redistribute ospf 100 route-map LAN_Subnets
     neighbor 10.0.0.1 remote-as 65200
     neighbor 172.16.0.5 remote-as 65100
     no auto-summary
    !
    access-list 10 permit 192.168.0.0 0.0.255.255
    !
    route-map LAN_Subnets permit 10
     match ip address 10
     set metric 100

    Router A Routing Table

         172.16.0.0/30 is subnetted, 2 subnets
    C       172.16.0.4 is directly connected, S1/1
    C       172.16.0.0 is directly connected, S1/0
    C    192.168.1.0/24 is directly connected, F2/0
    B    192.168.2.0/24 [20/100] via 172.16.0.2
    B    192.168.3.0/24 [20/100] via 172.16.0.2

    Router B Routing Table

         172.16.0.0/30 is subnetted, 2 subnets
    B       172.16.0.4 [20/0] via 172.16.0.1
    C       172.16.0.0 is directly connected, S1/0
         10.0.0.0/30 is subnetted, 1 subnets
    C       10.0.0.0 is directly connected, F0/0
    B    192.168.1.0/24 [20/0] via 172.16.0.1
    C    192.168.2.0/24 is directly connected, F2/0
    O IA 192.168.3.0/24 [110/2] via 10.0.0.2, F0/0


    CISCO IOS VERSIONS

    IOS Nomenclature

    IOS Filename
    c3725-entbase-mz.124-6.T.bi
    [Figure: labeled components of the filename: Hardware, Feature Set, Memory Location, Compression Format, Maintenance Release, Individual Release, T Designator]

    Mainline
    12.4(7a)
    [Figure labels: Maintenance Release, Individual Release, Numbered Version]

    T Train
    12.4(9)T1
    [Figure labels: Maintenance Release, Individual Release, New Feature Identifier, Numbered Version]

    S Train
    12.2(25)SEB4
    [Figure labels: Release, Individual Release, Numbered Version]

    IOS XR
    3.2.1
    [Figure labels: Major Release, Minor Release, Maintenance Release]

    IOS Version Verification

    show version
    dir :
    verify :

    Release Lifecycle

    [Figure: timeline from 0 to 84 months marking EOS Notice, EOS, EOE, and EOL]

    First Customer Shipment (FCS)
    The release is made available to Cisco customers on CCO

    EOS Notice
    Notification of upcoming EOS

    End of Sale (EOS)
    The release is no longer orderable or included in manufactured shipments

    End of Engineering (EOE)
    The last day for software fixes; only TAC assistance is offered from this point

    End of Life (EOL)
    The last day for TAC support; release becomes obsolete; upgrade is only option for continued support

    IOS Package Trees

    [Figure: first package tree. Packages shown: Advanced Enterprise Services, Advanced IP Services, Enterprise Services, Advanced Security, SP Services, Enterprise Base, IP Voice, IP Base]

    [Figure: second package tree. Packages shown: Advanced Enterprise Services, Advanced IP Services, Enterprise Services, IP Services, IP Base]

    Deployment Classifications

    General Deployment (GD)
    A major release considered qualified for deployment on critical devices

    Early Deployment (ED)
    Offers new feature, platform, or interface support

    Deferred (DF)
    Known defective images; should not be installed

    Limited Deployment (LD)
    A major release prior to reaching its GD milestone


    EIGRP

    Attributes

    Type            Distance Vector
    Algorithm       DUAL
    Internal AD     90
    External AD     170
    Summary AD      5
    Standard        Cisco proprietary
    Protocols       IP, IPX, Appletalk
    Transport       IP/88
    Authentication  MD5
    Multicast IP    224.0.0.10
    Hello Timers    5/60
    Hold Timers     15/180

    Protocol Header

    Bits:  8  16  24  32
    Version | Opcode | Checksum
    Flags
    Sequence Number
    Acknowledgment Number
    Autonomous System Number
    Type | Length
    Value

    Metric Formula

    256 * (K1 * bw + (K2 * bw) / (256 - load) + K3 * delay) * (K5 / (rel + K4))

    bw = 10^7 / minimum path bandwidth in kbps
    delay = interface delay in µsecs / 10

    K Defaults

    K1  1
    K2  0
    K3  1
    K4  0
    K5  0

    Packet Types

    1  Update
    3  Query
    4  Reply
    5  Hello
    8  Acknowledge

    EIGRP Configuration

    Protocol Configuration

    ! Enable EIGRP
    router eigrp
    ! Add networks to advertise
     network
    ! Configure K values to manipulate metric formula
     metric weights 0
    ! Disable automatic route summarization
     no auto-summary
    ! Designate passive interfaces
     passive-interface ( | default)
    ! Enable stub routing
     eigrp stub [receive-only | connected | static | summary]
    ! Statically identify neighboring routers
     neighbor

    Interface Configuration

    ! Set maximum bandwidth EIGRP can consume
    ip bandwidth-percent eigrp
    ! Configure manual summarization of outbound routes
    ip summary-address eigrp []
    ! Enable MD5 authentication
    ip authentication mode eigrp md5
    ip authentication key-chain eigrp
    ! Configure hello and hold timers
    ip hello-interval eigrp
    ip hold-time eigrp
    ! Disable split horizon for EIGRP
    no ip split-horizon eigrp

    Terminology

    Feasible Distance
    The distance advertised by a neighbor plus the cost to get to that neighbor

    Reported Distance
    The metric for a route advertised by a neighbor

    Stuck In Active (SIA)
    The condition when a route becomes unreachable and not all queries for it are answered; adjacencies with unresponsive neighbors are reset

    Passive Interface
    An interface which does not participate in EIGRP but whose network is advertised

    Stub Router
    A router which advertises only a subset of routes, and is omitted from the route query process

    Troubleshooting

    show ip eigrp interfaces
    show ip eigrp neighbors
    show ip eigrp topology
    show ip eigrp traffic
    clear ip eigrp neighbors
    debug ip eigrp [packet | neighbors]


    FIRST HOP REDUNDANCY

    Protocols

    Hot Standby Router Protocol (HSRP)
    Provides default gateway redundancy using one active and one standby router; standardized but licensed by Cisco Systems

    Virtual Router Redundancy Protocol (VRRP)
    An open-standard alternative to Cisco's HSRP, providing the same functionality

    Gateway Load Balancing Protocol (GLBP)
    Supports arbitrary load balancing in addition to redundancy across gateways; Cisco proprietary

    Attributes

                      HSRP       VRRP        GLBP
    Standard          RFC 2281   RFC 3768    Cisco
    Load Balancing    No         No          Yes
    IPv6 Support      Yes        No          Yes
    Transport         UDP/1985   IP/112      UDP/322
    Default Priority  100        100         100
    Default Hello     3 sec      1 sec       3 sec
    Multicast Group   224.0.0.2  224.0.0.18  224.0.0.1

    [Figure: three example routers per protocol with priorities 100, 200, 100. HSRP: Standby, Active, Listen. VRRP: Backup, Master, Backup. GLBP: AVF, AVG, AVF.]

    HSRP Configuration

    interface FastEthernet0/0
     ip address 10.0.1.2 255.255.255.0
     standby version {1 | 2}
     standby 1 ip 10.0.1.1
     standby 1 timers
     standby 1 priority
     standby 1 preempt
     standby 1 authentication md5 key-string
     standby 1 track
     standby 1 track decrement

    VRRP Configuration

    interface FastEthernet0/0
     ip address 10.0.1.2 255.255.255.0
     vrrp 1 ip 10.0.1.1
     vrrp 1 timers {advertise | learn}
     vrrp 1 priority
     vrrp 1 preempt
     vrrp 1 authentication md5 key-string
     vrrp 1 track decrement

    GLBP Configuration

    interface FastEthernet0/0
     ip address 10.0.1.2 255.255.255.0
     glbp 1 ip 10.0.1.1
     glbp 1 timers
     glbp 1 timers redirect
     glbp 1 priority
     glbp 1 preempt
     glbp 1 forwarder preempt
     glbp 1 authentication md5 key-string
     glbp 1 load-balancing
     glbp 1 weighting lower upper
     glbp 1 weighting track decrement

    HSRP/GLBP Interface States

    Speak    Gateway election in progress
    Active   Active router/VG
    Standby  Backup router/VG
    Listen   Not the active router/VG

    VRRP Interface States

    Master  Acting as the virtual router
    Backup  All non-master routers

    GLBP Roles

    Active Virtual Gateway (AVG)
    Answers for the virtual router and assigns virtual MAC addresses to group members

    Active Virtual Forwarder (AVF)
    All routers which forward traffic for the group

    GLBP Load Balancing

    Round-Robin (default)
    The AVG answers host ARP requests for the virtual router with the next router in the cycle

    Host-Dependent
    Round-robin cycling is used while a consistent AVF is maintained for each host

    Weighted
    Determines the proportionate share of hosts handled by each AVF

    Troubleshooting

    show standby [brief]
    show glbp [brief]
    show vrrp [brief
    show track [brie


    FRAME MODE MPLS

    Protocol Header

    Bits:  8  16  24  32
    Label | TC | S | TTL

    Label (20 bits)          Unique label value
    Traffic Class (3 bits)   CoS-mapped QoS marking
    Bottom of Stack (1 bit)  Indicates label is last in the stack
    Time To Live (8 bits)    Hop counter mapped from IP TTL

    [Figure: the label stack sits between the L2 header and the IP header]

    Label Protocols

                    LDP        TDP
    Hello Address   224.0.0.2  255.255.255.2
    Hello Port      UDP/646    UDP/711
    Adjacency Port  TCP/646    TCP/711
    Proprietary     No         Cisco

    Label Switched Path

    [Figure: customer networks (C and CE routers) attach to PE routers at the edge of the provider network; the LSP runs between the PE routers through the P routers]

    Customer (C)        IP-only routers internal to customer network
    Customer Edge (CE)  C routers which face PE routers
    Provider Edge (PE)  LSRs on the MPLS-IP boundary
    Provider (P)        MPLS-only LSRs in provider network

    Conceptual Components

    Forwarding/Data Plane
    Forwards packets based on label or destination IP address (includes the FIB and LFIB)

    Control Plane
    Facilitates label exchange between neighboring LSRs using LDP or TDP (includes the LIB)

    Terminology

    Label Distribution Protocol (LDP)
    Standards-based label distribution protocol defined in RFC 3036

    Tag Distribution Protocol (TDP)
    Cisco's proprietary predecessor to LDP

    Label Switching Router (LSR)
    Any router performing label switching (MPLS)

    Label-Switched Path (LSP)
    The unidirectional path through one or more LSRs taken by a label-switched packet belonging to an FEC

    Forwarding Equivalence Class (FEC)
    A group of packets which are forwarded in an identical manner, typically by destination prefix and/or traffic class

    Label Information Base (LIB)
    Contains all labels learned by an LSR via a label distribution protocol

    Forwarding Information Base (FIB)
    Routing database for unlabeled (IP) packets

    Label FIB (LFIB)
    Routing database for labeled (MPLS) packets

    Interim Packet Propagation
    An LSR temporarily falls back to IP routing while waiting to learn the necessary MPLS label(s)

    Penultimate Hop Popping (PHP)
    The second-to-last LSR in an LSP removes the MPLS label so the last LSR only has to perform an IP lookup

    MPLS Configuration

    ! Enable CEF
    ip cef
    ! Select label protocol
    mpls label protocol ldp
    ! Enable MPLS on IP interfaces
    interface FastEthernet0/0
     ip address 10.0.0.1 255.255.255.252
     mpls ip
    ! Raise MPLS MTU to accommodate multilabel stack
     mpls mtu 1512

    Troubleshooting

    show mpls interfaces
    show mpls ldp neighbors
    show mpls ldp bindings [detail] (LIB)
    show mpls forwarding-table [detail] (LFIB)
    show ip cef [detail] (FI
    debug mpls []


    IOS IPV4 ACCESS LISTS

    Standard ACL Syntax

    ! Legacy syntax
    access-list {permit | deny} [log]

    ! Modern syntax
    ip access-list standard { | }
     [] {permit | deny} [log]

    Extended ACL Syntax

    ! Legacy syntax
    access-list {permit | deny} [] [] []

    ! Modern syntax
    ip access-list extended { | }
     [] {permit | deny} [] [] []

    Actions

    permit    Allow matched packets
    deny      Deny matched packets
    remark    Record a configuration comment
    evaluate  Evaluate a reflexive ACL

    ACL Numbers

    1-99, 1300-1999     IP standard
    100-199, 2000-2699  IP extended
    200-299             Protocol
    300-399             DECnet
    400-499             XNS
    500-599             Extended XNS
    600-699             Appletalk
    700-799             Ethernet MAC
    800-899             IPX standard
    900-999             IPX extended
    1000-1099           IPX SAP
    1100-1199           MAC extended
    1200-1299           IPX summary

    Source/Destination Definitions

    any     Any address
    host    A single address
            Any address matched by the wildcard mask

    IP Options

    dscp              Match the specified IP DSCP
    fragments         Check non-initial fragments
    option            Match the specified IP option
    precedence {0-7}  Match the specified IP precedence
    ttl               Match the specified IP time to live (TTL)

    TCP/UDP Port Definitions

    eq     Equal to
    neq    Not equal to
    lt     Less than
    gt     Greater than
    range  Matches a range of port numbers

    TCP Options

    ack          Match ACK flag
    fin          Match FIN flag
    psh          Match PSH flag
    rst          Match RST flag
    syn          Match SYN flag
    urg          Match URG flag
    established  Match packets in an established session

    Logging Options

    log        Log ACL entry matches
    log-input  Log matches including ingress interface and source MAC address

    Miscellaneous Options

    reflect     Create a reflexive ACL entry
    time-range  Enable rule only during the given time range

    Applying ACLs to Restrict Traffic

    interface FastEthernet0/0
     ip access-group { | } {in | out}

    Troubleshooting

    show access-lists [ | ]
    show ip access-lists [ | ]
    show ip access-lists interface
    show ip access-lists dynamic
    show ip interface []
    show time-range []


    IPSEC

    Protocols

    Internet Security Association and Key Management Protocol (ISAKMP)
    A framework for the negotiation and management of security associations between peers (traverses UDP/500)

    Internet Key Exchange (IKE)
    Responsible for key agreement using asymmetric cryptography

    Encapsulating Security Payload (ESP)
    Provides data encryption, data integrity, and peer authentication; IP protocol 50

    Authentication Header (AH)
    Provides data integrity and peer authentication, but not data encryption; IP protocol 51

    Encryption Algorithms

            Type        Key Length (Bits)  Strength
    DES     Symmetric   56                 Weak
    3DES    Symmetric   168                Medium
    AES     Symmetric   128/192/256        Strong
    RSA     Asymmetric  1024+              Strong

    Hashing Algorithms

            Length (Bits)  Strength
    MD5     128            Medium
    SHA-1   160            Strong

    IPsec Modes

    Transport Mode
    The ESP or AH header is inserted behind the IP header; the IP header can be authenticated but not encrypted

    Tunnel Mode
    A new IP header is created in place of the original; this allows for encryption of the entire original packet

    Original Packet   L2 | IP | TCP/UDP
    Transport Mode    L2 | IP | ESP/AH | TCP/UDP
    Tunnel Mode       L2 | New IP | ESP/AH | IP | TCP/UDP

    IKE Phases

    Phase 1
    A bidirectional ISAKMP SA is established between peers to provide a secure management channel (IKE in main or aggressive mode)

    Phase 1.5 (optional)
    Xauth can optionally be implemented to enforce user authentication

    Phase 2
    Two unidirectional IPsec SAs are established for data transfer using separate keys (IKE quick mode)

    Terminology

    Data Integrity
    Secure hashing (HMAC) is used to ensure data has not been altered in transit

    Data Confidentiality
    Encryption is used to ensure data cannot be intercepted by a third party

    Data Origin Authentication
    Authentication of the SA peer

    Anti-replay
    Sequence numbers are used to detect and discard duplicate packets

    Hash Message Authentication Code (HMAC)
    A hash of the data and secret key used to provide message authenticity

    Diffie-Hellman Exchange
    A shared secret key is established over an insecure path using public and private keys

    Configuration

    ISAKMP Policy

    crypto isakmp policy 10
     encryption aes 256
     hash sha
     authentication pre-share
     group 2
     lifetime 3600

    ISAKMP Pre-Shared Key

    crypto isakmp key 1 MySecretKey address 10.0.0.2

    IPsec Transform Set

    crypto ipsec transform-set MyTS esp-aes 256 esp-sha-hmac
     mode tunnel

    IPsec Profile

    crypto ipsec profile MyProfile
     set transform-set MyTS

    Virtual Tunnel Interface

    interface Tunnel0
     ip address 172.16.0.1 255.255.255.252
     tunnel source 10.0.0.1
     tunnel destination 10.0.0.2
     tunnel mode ipsec ipv4
     tunnel protection ipsec profile MyProfile

    Troubleshooting

    show crypto isakmp sa
    show crypto isakmp policy
    show crypto ipsec sa
    show crypto ipsec transform-set
    debug crypto {isakmp | ipsec}


    IPV4 MULTICAST

    Group Ranges

    224.0.0.0/24  Local network control
    224.0.1.0/24  Internetwork control
    232.0.0.0/8   Source-specific
    233.0.0.0/8   GLOP (RFC 3180)
    239.0.0.0/8   Admin-scoped

    Common Groups

    224.0.0.1   All hosts
    224.0.0.2   All routers
    224.0.1.39  Cisco RP Announce
    224.0.1.40  Cisco RP Discovery

    Terminology

    Internet Group Management Protocol (IGMP)
    Hosts send IGMP requests to local routers to join multicast groups

    Reverse Path Forwarding (RPF)
    Verifies that multicast traffic travels in the reverse direction of unicast traffic, away from the tree root

    Cisco Group Management Protocol (CGMP)
    A proprietary protocol used by switches to obtain multicast membership information for end hosts (deprecated)

    Distribution Trees

    Source-Rooted
    Provides the shortest paths from the source to receivers

    Shared
    A common set of links which carry all multicast traffic; statically configured

    IGMP

    IGMPv1
    Original IGMP specification

    IGMPv2
    Adds support for dynamic leave requests and querier election to original IGMP

    IGMPv3
    Adds multicast source filtering to v2

    IGMP Snooping
    A switch passively inspects IGMP requests to determine which hosts should receive multicast traffic

    IGMP Configuration

    IGMP Support    Router(config-if)# ip igmp [version ]
    IGMP Snooping   Switch(config)# ip igmp snooping

    IGMP Troubleshooting

    show ip igmp
    show ip igmp group
    show ip igmp interface
    show ip igmp snooping
    ip igmp join-group

    Protocol Independent Multicast (PIM)

    Dense Mode
    The initial tree encompasses all multicast routers; after a period of time, routers without IGMP members prune back branches

    Sparse Mode
    The tree is grown from a central rendezvous point out to the multicast source and recipients

    Sparse-Dense Mode
    Allows a PIM-enabled interface to function in either sparse or dense mode per group

    PIMv1
    Provides automatic RP discovery with Auto-RP (Cisco proprietary)

    PIMv2
    Automatic RP discovery is accomplished by the bootstrap router (BSR) method (standard)

    PIM Configuration

    ip multicast-routing
    !
    interface FastEthernet0/0
     ip pim {sparse-mode | dense-mode | sparse-dense-mode}
     ip pim version {1 | 2}

    RP Configuration

    Manual                 ip pim rp-address
    Auto-RP Candidate      ip pim send-rp-announce
    Auto-RP Mapping Agent  ip pim send-rp-discovery scope
    BSR Candidate          ip pim bsr-candidate
    BSR RP Candidate       ip pim rp-candidate

    PIM Troubleshooting

    show ip mroute
    show ip pim interface
    show ip pim neighbor
    show ip pim rp [mapping]
    show ip rpf

    Layer 2 Addressing

    IP address   239.142.57.6
                 11101111 10001110 00111001 00000110

    MAC address  01-00-5E-0E-39-06
                 00000001 00000000 01011110 00001110 00111001 00000110
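    The Layer 2 mapping above copies only the low 23 bits of the group address into the MAC, so 32 IPv4 groups share every multicast MAC. The following is an added example, not part of the cheat sheet; the function names are hypothetical. It reproduces the sheet's 239.142.57.6 mapping, lists the groups that collide with it, and flags group addresses whose MAC lands in the 224.0.0.0/24 local network control range.

```python
import ipaddress

# 01-00-5E followed by a zero bit; the remaining 23 bits come from the group address.
MCAST_MAC_BASE = 0x01005E000000
LOW23_MASK = 0x7FFFFF


def multicast_mac(group: str) -> str:
    """Return the Ethernet MAC an IPv4 multicast group maps to."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    mac = MCAST_MAC_BASE | (int(addr) & LOW23_MASK)
    return "-".join(f"{(mac >> shift) & 0xFF:02X}" for shift in range(40, -8, -8))


def colliding_groups(group: str) -> list[str]:
    """Return all 32 groups in 224.0.0.0/4 that share this group's MAC.

    A group address has 28 variable bits; only 23 are copied into the MAC,
    so the 5 dropped bits give 2**5 = 32 groups per MAC.
    """
    low23 = int(ipaddress.IPv4Address(group)) & LOW23_MASK
    return [
        str(ipaddress.IPv4Address(0xE0000000 | (hi << 23) | low23))
        for hi in range(32)
    ]


def overlaps_local_control(group: str) -> bool:
    """True if a group outside 224.0.0.0/24 maps to a 01-00-5E-00-00-xx MAC.

    Those MACs belong to the local network control range (OSPF, VRRP, PIM
    and similar), which switches commonly flood regardless of IGMP snooping,
    so application groups should avoid them.
    """
    addr = ipaddress.IPv4Address(group)
    in_control_range = addr in ipaddress.IPv4Network("224.0.0.0/24")
    return (int(addr) & LOW23_MASK) < 256 and not in_control_range


if __name__ == "__main__":
    print(multicast_mac("239.142.57.6"))
    print(colliding_groups("239.142.57.6")[:3], "...")
    # Constructed sample: an admin-scoped group that shadows 224.0.0.5
    print(overlaps_local_control("239.128.0.5"))
```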


    IPV4 SUBNETTING

    Subnets

    CIDR  Subnet Mask      Addresses      Wildcard
    /32   255.255.255.255  1              0.0.0.0
    /31   255.255.255.254  2              0.0.0.1
    /30   255.255.255.252  4              0.0.0.3
    /29   255.255.255.248  8              0.0.0.7
    /28   255.255.255.240  16             0.0.0.15
    /27   255.255.255.224  32             0.0.0.31
    /26   255.255.255.192  64             0.0.0.63
    /25   255.255.255.128  128            0.0.0.127
    /24   255.255.255.0    256            0.0.0.255
    /23   255.255.254.0    512            0.0.1.255
    /22   255.255.252.0    1,024          0.0.3.255
    /21   255.255.248.0    2,048          0.0.7.255
    /20   255.255.240.0    4,096          0.0.15.255
    /19   255.255.224.0    8,192          0.0.31.255
    /18   255.255.192.0    16,384         0.0.63.255
    /17   255.255.128.0    32,768         0.0.127.255
    /16   255.255.0.0      65,536         0.0.255.255
    /15   255.254.0.0      131,072        0.1.255.255
    /14   255.252.0.0      262,144        0.3.255.255
    /13   255.248.0.0      524,288        0.7.255.255
    /12   255.240.0.0      1,048,576      0.15.255.255
    /11   255.224.0.0      2,097,152      0.31.255.255
    /10   255.192.0.0      4,194,304      0.63.255.255
    /9    255.128.0.0      8,388,608      0.127.255.255
    /8    255.0.0.0        16,777,216     0.255.255.255
    /7    254.0.0.0        33,554,432     1.255.255.255
    /6    252.0.0.0        67,108,864     3.255.255.255
    /5    248.0.0.0        134,217,728    7.255.255.255
    /4    240.0.0.0        268,435,456    15.255.255.255
    /3    224.0.0.0        536,870,912    31.255.255.255
    /2    192.0.0.0        1,073,741,824  63.255.255.255
    /1    128.0.0.0        2,147,483,648  127.255.255.255
    /0    0.0.0.0          4,294,967,296  255.255.255.255

    Decimal to Binary

    Subnet Mask       Wildcard
    255  1111 1111    0    0000 0000
    254  1111 1110    1    0000 0001
    252  1111 1100    3    0000 0011
    248  1111 1000    7    0000 0111
    240  1111 0000    15   0000 1111
    224  1110 0000    31   0001 1111
    192  1100 0000    63   0011 1111
    128  1000 0000    127  0111 1111
    0    0000 0000    255  1111 1111

    Subnet Proportion

    [Figure: relative sizes of /25, /26, /27, and /28 subnets]

    Classful Ranges

    A  0.0.0.0 - 127.255.255.255
    B  128.0.0.0 - 191.255.255.255
    C  192.0.0.0 - 223.255.255.255
    D  224.0.0.0 - 239.255.255.255
    E  240.0.0.0 - 255.255.255.255

    Reserved Ranges

    RFC 1918   10.0.0.0 - 10.255.255.255
    Localhost  127.0.0.0 - 127.255.255.255
    RFC 1918   172.16.0.0 - 172.31.255.255
    RFC 1918   192.168.0.0 - 192.168.255.255

    Terminology

    CIDR
    Classless interdomain routing was developed to provide more granularity than legacy classful addressing; CIDR notation is expressed as /XX

    VLSM
    Variable-length subnet masks are an arbitrary length between 0 and 32 bits; CIDR relies on VLSMs to define routes


    IPV6

    Protocol Header

    Bits:  8  16  24  32
    Ver | Traffic Class | Flow Label
    Payload Length | Next Header | Hop Limit
    Source Address
    Destination Address

    Version (4 bits)                Always set to 6
    Traffic Class (8 bits)          A DSCP value for QoS
    Flow Label (20 bits)            Identifies unique flows (optional)
    Payload Length (16 bits)        Length of the payload in bytes
    Next Header (8 bits)            Header or protocol which follows
    Hop Limit (8 bits)              Similar to IPv4's time to live field
    Source Address (128 bits)       Source IP address
    Destination Address (128 bits)  Destination IP address

    Address Types

    Unicast    One-to-one communication
    Multicast  One-to-many communication
    Anycast    An address configured in multiple locations

    Address Formats

    Global unicast      Global Prefix (48) | Subnet (16) | Interface ID (64)
    Link-local unicast  (64) | Interface ID (64)
    Multicast           (8) | Flags (4) | Scope (4) | Group ID (112)

    Multicast Scopes

    1  Interface-local    5  Site-local
    2  Link-local         8  Org-local
    4  Admin-local        E  Global

    Special-Use Ranges

    ::/0            Default route
    ::/128          Unspecified
    ::1/128         Loopback
    ::/96           IPv4-compatible*
    ::FFFF:0:0/96   IPv4-mapped
    2001::/32       Teredo
    2001:DB8::/32   Documentation
    2002::/16       6to4
    FC00::/7        Unique local
    FE80::/10       Link-local unicast
    FEC0::/10       Site-local unicast*
    FF00::/8        Multicast

    * Deprecated

    Extension Headers

    Hop-by-hop Options (0)
    Carries additional information which must be examined by every router in the path

    Routing (43)
    Provides source routing functionality

    Fragment (44)
    Included when a packet has been fragmented by its source

    Encapsulating Security Payload (50)
    Provides payload encryption (IPsec)

    Authentication Header (51)
    Provides packet authentication (IPsec)

    Destination Options (60)
    Carries additional information which pertains only to the recipient

    Transition Mechanisms

    Dual Stack
    Transporting IPv4 and IPv6 across an infrastructure simultaneously

    Tunneling
    IPv6 traffic is encapsulated into IPv4 using IPv6-in-IP, UDP (Teredo), or Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)

    Translation
    Stateless IP/ICMP Translation (SIIT) translates IP header fields, NAT-Protocol Translation (NAT-PT) maps between IPv6 and IPv4 addresses

    EUI-64 Formation

    [Figure: a MAC address expanded into an EUI-64 interface ID]

    Insert 0xfffe between the two halves of the MAC
    Flip the seventh bit (universal/local flag) to 1

    Address Notation

    Eliminate leading zeros from all two-byte sets
    Replace up to one string of consecutive zeros with a double-colon (::)
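    The EUI-64 formation steps and the two address notation rules from this sheet are carried through in the following added example, which is not part of the cheat sheet; the function names and the sample MAC are constructed for illustration. It also runs the mapping in reverse, which is how an analyst attributes a logged SLAAC address to a hardware address.

```python
import ipaddress
from typing import Optional


def eui64_interface_id(mac: str) -> bytes:
    """Build the 64-bit interface ID from a 48-bit MAC.

    Step 1: insert 0xfffe between the two halves of the MAC.
    Step 2: invert the universal/local flag (seventh bit of the first
    octet); for a burned-in (universal) MAC this sets it to 1.
    """
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError(f"{mac!r} is not a 48-bit MAC address")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """Return the FE80::/64 link-local address derived from the MAC."""
    prefix = b"\xfe\x80" + b"\x00" * 6
    return ipaddress.IPv6Address(prefix + eui64_interface_id(mac))


def mac_from_eui64(address: str) -> Optional[str]:
    """Recover the MAC from an EUI-64 derived address, or None.

    The ff:fe marker in the middle of the interface ID is the tell; an
    address without it was not formed this way.
    """
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    addr = link_local_from_mac("00:1b:2c:3d:4e:5f")  # constructed sample MAC
    print(addr.exploded)    # full form, every two-byte set written out
    print(addr.compressed)  # leading zeros dropped, one zero run replaced by ::
    print(mac_from_eui64(str(addr)))
```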


    IS-IS PART 1

    Attributes

    Type              Link-State
    Algorithm         Dijkstra
    Metric            Default (10)
    AD                115
    Standard          ISO 10589
    Protocols         IP, CLNS
    Transport         Layer 2
    Authentication    Plaintext, MD5

    Network Types

                          Broadcast    Point-to-Point
    DIS Elected           Yes          No
    Neighbor Discovery    Yes          Yes
    Hello/Dead Timers     10/30        10/30

    Adjacency Requirements

    Interface MTUs must match
    Levels must match
    Areas must match (if level 1)
    System IDs must be unique
    Authentication must succeed

    Protocol Header

    Diagram labels (bit ruler 4 8 12 16): IRPD, Type, Length, Value ..., Packet Length, Version/Protocol ID Extension, ID Length, R R R PDU Type, Version, Reserved, Maximum Area Addresses

    NSAP Addressing

    Interdomain Part (IDP): Portion of the address used in routing between autonomous systems; assigned by ISO

    Domain-Specific Part (DSP): Portion of the address relevant only within the local AS

    Authority and Format Identifier (AFI): Identifies the authority which dictates the format of the address

    Initial Domain Identifier (IDI): An organization belonging to the AFI

    High Order DSP (HODSP): The area within the AS

    System ID: Unique router identifier; 48 bits for Cisco devices (often taken from a MAC address)

    NSAP Selector (SEL): Identifies a network layer service; always 0x00 in a NET address

    NSAP:         AFI | IDI (Interdomain Part) | HODSP | System ID | SEL (Domain-Specific Part)
    Condensed:    Area | System ID | SEL
    Example:      Area 47 0005.80ff.f800.0000 0001 | System ID 0000.0c00.1234 | SEL 00

    Troubleshooting

    show ip route
    show ip protocols
    show [clns|isis] neighbor
    show [clns|isis] interface
    show isis database
    show isis spf-log
    debug isis spf-events
    debug isis adjacencies-packets
    debug isis spf-statistics
    debug isis update-packets

    Routing Levels

    Level 0    Used to locate end systems
    Level 1    Routing within an area
    Level 2    Backbone between areas
    Level 3    Inter-AS routing

    Terminology

    Type-Length-Value (TLV): Variable-length modular datasets

    Link State PDU (LSP): Carry TLVs encompassing link state information

    Sequence Number Packet (SNP): Used to request and advertise LSPs; can be complete (CSNP) or partial (PSNP)

    Hello Packet: Establishes and maintains neighbor adjacencies

    Designated Intermediate System: A pseudonode responsible for emulating point-to-point links across a multi-access segment

    DIS Election

    Default interface priority is 64
    Highest-priority interface elected
    Highest SNPA (MAC/DLCI) breaks tie
    Highest system ID breaks SNPA tie
    Current DIS may be preempted


    IS-IS PART 2

    TLV Types

    Type    Name                    Use
    1       Area Addresses          Hello, LSP
    2       IS Neighbors            LSP
    3       ES Neighbors            L1 LSP
    5       Prefix Neighbors        L2 LSP
    6       IS Neighbors            Hello, L2 LSP
    8       Padding                 Hello
    9       LSP Entries             SNP
    10      Authentication          All
    128     IP Internal Reach.      LSP
    129     Protocols Supported     Hello, LSP
    131     IDRPI                   SNP, L2 LSP
    132     IP Interface Address    Hello, LSP

    Topology: Area 1 (192.168.1.0/24; routers A1, A2, A3), Area 2 (192.168.2.0/24; routers B1, B2, B3), Area 3 (192.168.3.0/24; routers C1, C2, C3); inter-area links 10.0.0.0/30, 10.0.0.4/30, 10.0.0.8/30

    Configuration Example

    Router A1

    interface FastEthernet0/0
     description Area 1
     ip address 192.168.1.1 255.255.255.0
     ip router isis
     isis circuit-type level-1
    !
    interface Serial1/0
     no ip address
     encapsulation frame-relay
    !
    interface Serial1/0.1 point-to-point
     description To Area 2
     ip address 10.0.0.1 255.255.255.252
     ip router isis
     isis circuit-type level-2-only
     ! MD5 authentication (keychain not shown)
     isis authentication mode md5
     isis authentication key-chain
     frame-relay interface-dlci 101
    !
    interface Serial1/0.2 point-to-point
     description To Area 3
     ip address 10.0.0.5 255.255.255.252
     ip router isis
     isis circuit-type level-2-only
     frame-relay interface-dlci 102
    !
    router isis
     net 49.0001.0000.0000.00a1.00

    Router A2

    interface FastEthernet0/0
     description Area 1
     ip address 192.168.1.2 255.255.255.0
     ip router isis
     isis circuit-type level-1
    !
    router isis
     net 49.0001.0000.0000.00a2.00

    Router B1

    interface FastEthernet0/0
     description Area 2
     ip address 192.168.2.1 255.255.255.0
     ip router isis
     isis circuit-type level-1
    !
    interface Serial1/0
     no ip address
     encapsulation frame-relay
    !
    interface Serial1/0.1 point-to-point
     description To Area 1
     ip address 10.0.0.2 255.255.255.252
     ip router isis
     isis circuit-type level-2-only
     ! MD5 authentication (keychain not shown)
     isis authentication mode md5
     isis authentication key-chain
     frame-relay interface-dlci 101
    !
    interface Serial1/0.2 point-to-point
     description To Area 3
     ip address 10.0.0.9 255.255.255.252
     ip router isis
     isis circuit-type level-2-only
     frame-relay interface-dlci 103
    !
    router isis
     net 49.0002.0000.0000.00b1.00

    Router B2

    interface FastEthernet0/0
     description Area 2
     ip address 192.168.2.2 255.255.255.0
     ip router isis
     isis circuit-type level-1
    !
    router isis
     net 49.0002.0000.0000.00b2.00


    MARKDOWN

    Headers

    # Text Text

    ## Text Text

    ### Text Text

    #### Text Text

    ##### Text Text

    ###### Text Text

    Blockquotes

    > Lorem ipsum
    > dolor sit amet

    Lorem ipsum dolor sit amet

    > Lorem ipsum dolor
    sit amet

    Lorem ipsum dolor sit amet

    > Level one
    >
    > > Level two
    > >
    > > > Level three

    Level one

    Level two

    Level three

    Lists

    * Sizes
    * Shapes
    * Colors
        * Blue
        * Green

    Sizes
    Shapes
    Colors
    Blue
    Green

    1. First
    2. Second
    3. Third
        1. Alpha
        2. Bravo

    First
    Second
    Third
    Alpha
    Bravo

    Code Blocks

    Normal text

    #include

    Normal text

    #include

    Inline Code

    Use `` tags Use

    tags

    ``echo `uname -a``` echo `uname -a`

    Horizontal Rules

    * * *

    ***

    - - -

    ---

    Emphasis

    *Emphasis* Emphasis

    _Emphasis_ Emphasis

    **Strong** Strong

    __Strong__ Strong

    *Super*emphasis Superemphasis

    **Super**strong Superstrong

    Escapable Characters

    \      Backslash
    `      Backtick
    *      Asterisk
    _      Underscore
    { }    Curly braces
    [ ]    Square brackets
    ( )    Parentheses
    #      Hash mark
    +      Plus sign
    -      Hyphen
    .      Period
    !      Exclamation

    Links

    [Google](http://google.com/) Google

    [Google](http://google.com/ "Search") Google


    MEDIAWIKI

    Headers

    =Text= Text

    ==Text== Text

    ===Text=== Text

    ====Text==== Text

    =====Text===== Text

    ======Text====== Text

    Code

    Text Text

    Text Text

    Miscellaneous

    Suppress [[wiki]]'''markup'''

    Suppress [[wiki]]

    '''markup'''

    Lists

    * Sizes
    * Shapes
    * Colors
    ** Blue
    ** Green

    Sizes
    Shapes
    Colors
    Blue
    Green

    # First
    # Second
    # Third

    First
    Second
    Third

    ; Term 1 : Foo
    ; Term 2 : Bar
    ; Term 3 : Baz

    Term 1    Foo
    Term 2    Bar
    Term 3    Baz

    Formatting

    ''Text'' Text

    '''Text''' Text

    '''''Text'''''

    Text

    Text

    Text

    Text

    Text

    Templates

    Unnamed variables Books by {{{1}}}

    Invoking the template {{Author|Palahniuk}}

    Named variables Books by {{{name}}}

    Invoking the template {{Author|name=Palahniuk}}

    Categories

    Assign object to a category [[Category:Humor]]

    Link to a category [[:Category:Humor]]

    Links

    [[packet switching]] packet switching

    [[packet switching|packet switched]] packet switched

    IP [[network]]ing IP networking

    IEEE [[802.3 (Ethernet)|]] IEEE 802.3

    [http://google.com/] http://google.com/

    [http://google.com/ Google] Google

    Images

    [[Image:photo.png]]

    [[Image:photo.png|Alt text]]


    NETWORK ADDRESS TRANSLATION

    Example Topology

    FastEthernet0: 10.0.0.1/16, NAT Inside
    FastEthernet1: 174.143.212.1/22, NAT Outside

    NAT Boundary Configuration

    interface FastEthernet0
     ip address 10.0.0.1 255.255.0.0
     ip nat inside
    !
    interface FastEthernet1
     ip address 174.143.212.1 255.255.252.0
     ip nat outside

    Static Source Translation

    ! One line per static translation
    ip nat inside source static 10.0.0.19 192.0.2.1
    ip nat inside source static 10.0.1.47 192.0.2.2
    ip nat outside source static 174.143.212.133 10.0.0.47
    ip nat outside source static 174.143.213.240 10.0.2.181

    Dynamic Source Translation

    ! Create an access list to match inside local addresses
    access-list 10 permit 10.0.0.0 0.0.255.255
    !
    ! Create NAT pool of inside global addresses
    ip nat pool MyPool 192.0.2.1 192.0.2.254 prefix-length 24
    !
    ! Combine them with a translation rule
    ip nat inside source list 10 pool MyPool
    !
    ! Dynamic translations can be combined with static entries
    ip nat inside source static 10.0.0.42 192.0.2.42

    Port Address Translation (PAT)

    ! Static layer four port translations
    ip nat inside source static tcp 10.0.0.3 8080 192.0.2.1 80
    ip nat inside source static udp 10.0.0.14 53 192.0.2.2 53
    ip nat outside source static tcp 174.143.212.4 23 10.0.0.8 23
    !
    ! Dynamic port translation with a pool
    ip nat inside source list 11 pool MyPool overload
    !
    ! Dynamic translation with interface overloading
    ip nat inside source list 11 interface FastEthernet1 overload

    Inside Destination Translation

    ! Create a rotary NAT pool
    ip nat pool LoadBalServers 10.0.99.200 10.0.99.203 prefix-length 24 type rotary
    !
    ! Enable load balancing across inside hosts for incoming traffic
    ip nat inside destination list 12 pool LoadBalServers

    Address Classification

    Location \ Perspective    Local            Global
    Inside                    Inside Local     Inside Global
    Outside                   Outside Local    Outside Global

    Inside Local: An actual address assigned to an inside host

    Inside Global: An inside address seen from the outside

    Outside Global: An actual address assigned to an outside host

    Outside Local: An outside address seen from the inside

    Troubleshooting

    show ip nat translations [verbose]
    show ip nat statistics
    clear ip nat translations

    Special NAT Pool Types

    Rotary: Used for load balancing

    Match-Host: Preserves the host portion of the address after translation

    Terminology

    NAT Pool: A pool of IP addresses to be used as inside global or outside local addresses in translations

    Extendable Translation: The extendable keyword must be appended when multiple overlapping static translations are configured

    Port Address Translation (PAT): An extension to NAT that translates information at layer four and above, such as TCP and UDP port numbers; dynamic PAT configurations include the overload keyword

    ip nat translation tcp-timeout


    OSPF PART 1

    Protocol Header

    Diagram labels (bit ruler 8 16 24 32): Version, Type, Length, Router ID, Area ID, Checksum, Instance ID, Reserved, Data

    Attributes

    Type              Link-State
    Algorithm         Dijkstra
    Metric            Cost (Bandwidth)
    AD                110
    Standard          RFC 2328, 2740
    Protocols         IP
    Transport         IP/89
    Authentication    Plaintext, MD5
    AllSPF Address    224.0.0.5
    AllDR Address     224.0.0.6

    Metric Formula

    cost = 100,000 Kbps* / link speed

    * modifiable (ospf auto-cost reference-bandwidth)

    Router Types

    Internal Router: All interfaces reside within the same area

    Backbone Router: A router with an interface in area 0 (the backbone)

    Area Border Router (ABR): Connects two or more areas

    AS Boundary Router (ASBR): Connects to additional routing domains; typically located in the backbone

    Link State Advertisements

    Router Link (Type 1): Lists neighboring routers and the cost to each; flooded within an area

    Network Link (Type 2): Generated by a DR; lists all routers on an adjacent segment; flooded within an area

    Network Summary (Type 3): Generated by an ABR and advertised among areas

    ASBR Summary (Type 4): Injected by an ABR into the backbone to advertise the presence of an ASBR within an area

    External Link (Type 5): Generated by an ASBR and flooded throughout the AS to advertise a route external to OSPF

    NSSA External Link (Type 7): Generated by an ASBR in a not-so-stubby area; converted into a type 5 LSA by the ABR when leaving the area

    Area Types

    Standard Area: Default OSPF area type

    Stub Area: External link (type 5) LSAs are replaced with a default route

    Totally Stubby Area: Type 3, 4, and 5 LSAs are replaced with a default route

    Not So Stubby Area (NSSA): A stub area containing an ASBR; type 5 LSAs are converted to type 7 within the area

    External Route Types

    E1: Cost to the advertising ASBR plus the external cost of the route

    E2 (Default): Cost of the route as seen by the ASBR

    DR/BDR Election

    The DR serves as a common point for all adjacencies on a multiaccess segment

    The BDR also maintains adjacencies with all routers in case the DR fails

    Election does not occur on point-to-point or multipoint links

    Default priority (0-255) is 1; highest priority wins; 0 cannot be elected

    DR preemption will not occur unless the current DR is reset

    Virtual Links

    Tunnel formed to join two areas across an intermediate

    Both end routers must share a common area

    At least one end must reside in area

    Cannot traverse stub areas

    Adjacency States

    1    Down
    2    Attempt
    3    Init
    4    2-Way
    5    Exstart
    6    Exchange
    7    Loading
    8    Full

    Troubleshooting

    show ip [route | protocols]
    show ip ospf interface
    show ip ospf neighbor
    show ip ospf border-routers
    show ip ospf virtual-links
    debug ip ospf []


    OSPF PART 2

    Configuration Example

    Topology: Area 0 (Backbone), Area 1 (Stub Area), Area 2 (Standard Area), Area 9 (Totally Stubby Area), WAN 172.16.0.0/18; routers A, B, C

    Router A

    interface Serial0/0
     description WAN Link
     ip address 172.16.34.2 255.255.255.252
    !
    interface FastEthernet0/0
     description Area 0
     ip address 192.168.0.1 255.255.255.0
    !
    interface Loopback0
     ! Used as router ID
     ip address 10.0.34.1 255.255.255.0
    !
    router ospf 100
     ! Advertising the WAN cloud to OSPF
     redistribute static subnets
     network 192.168.0.0 0.0.0.255 area 0
    !
    ! Static route to the WAN cloud
    ip route 172.16.0.0 255.255.192.0 172.16.34.1

    Router B

    interface Ethernet0/0
     description Area 0
     ip address 192.168.0.2 255.255.255.0
     ip ospf 100 area 0
    !
    interface Ethernet0/1
     description Area 2
     ip address 192.168.2.1 255.255.255.0
     ip ospf 100 area 2
     ! Optional MD5 authentication configured
     ip ospf authentication message-digest
     ip ospf message-digest-key 1 md5 FooBar
     ! Give B priority in DR election
     ip ospf priority 100
    !
    interface Ethernet0/2
     description Area 1
     ip address 192.168.1.1 255.255.255.0
     ip ospf 100 area 1
    !
    interface Loopback0
     ip address 10.0.34.2 255.255.255.0
    !
    router ospf 100
     ! Define area 1 as a stub area
     area 1 stub
     ! Virtual link from area 0 to area 9
     area 2 virtual-link 10.0.34.3

    Router C

    interface Ethernet0/0
     description Area 9
     ip address 192.168.9.1 255.255.255.0
     ip ospf 100 area 9
    !
    interface Ethernet0/1
     description Area 2
     ip address 192.168.2.2 255.255.255.0
     ip ospf 100 area 2
     ! Optional MD5 authentication configured
     ip ospf authentication message-digest
     ip ospf message-digest-key 1 md5 FooBar
     ! Give C second priority (BDR) in election
     ip ospf priority 50
    !
    interface Loopback0
     ip address 10.0.34.3 255.255.255.0
    !
    router ospf 100
     ! Define area 9 as a totally stubby area
     area 9 stub no-summary
     ! Virtual link from area 9 to area 0
     area 2 virtual-link 10.0.34.2

    Network Types

                          Nonbroadcast (NBMA)    Multipoint Broadcast    Multipoint Nonbroadcast    Broadcast    Point-to-Point
    DR/BDR Elected        Yes                    No                      No                         Yes          No
    Neighbor Discovery    No                     Yes                     No                         Yes          Yes
    Hello/Dead Timers     30/120                 30/120                  30/120                     10/40        10/40
    Defined By            RFC 2328               RFC 2328                Cisco                      Cisco        Cisco
    Supported Topology    Full Mesh              Any                     Any                        Full Mesh    Point-to-Point


    PHYSICAL TERMINATIONS

    Optical Terminations

    ST (Straight Tip)

    SC (Subscriber Connector)

    LC (Local Connector)

    MT-RJ

    Wireless Antennas

    RP-TNC

    RP-SMA

    Copper Terminations

    RJ-45

    RJ-11

    RJ-21 (25-pair)

    DE-9 (Female)

    DB-25 (Male)

    DB-60 (Male)

    GBICs

    1000Base-SX/LX

    1000Base-T

    Cisco GigaStack

    1000Base-SX/LX SFP

    1000Base-T SFP

    X2 (10Gig)


    POINT-TO-POINT PROTOCOL

    PPP Summary

    Standard      RFC 1661
    Interfaces    Asynchronous serial, synchronous serial, ISDN, HSSI

    PPP Header

    Diagram labels (bit ruler 8 16 24 32): Address, Control, Protocol

    LCP Header

    Diagram labels (bit ruler 8 16 24 32): Code, Identifier, Length

    PPP Components

    Link Control Protocol (LCP): Provides for the establishment, configuration, and maintenance of a PPP link. Protocol-independent options are negotiated by LCP.

    Network Control Protocol (NCP): A separate NCP is used to negotiate the configuration of each network layer protocol (such as IP) carried by PPP.

    Authentication Protocols

    Plaintext Authentication Protocol (PAP): Original, obsolete authentication protocol which relies on the exchange of a plaintext key to authenticate peers (RFC 1334).

    Challenge Handshake Authentication Protocol (CHAP): Authenticates peers using the MD5 checksum of a pre-shared secret key (RFC 1994).

    PPP Features

    Protocol Multiplexing      Multiple NCPs
    Optional Compression       Stacker/predictor
    Loopback Detection         Provided by LCP
    Load Balancing             Multilink PPP
    Optional Authentication    PAP/CHAP

    PPP Compression Algorithms

    Stacker: Replaces repetitive data with symbols from a dynamic dictionary (more processor-intensive)

    Predictor: Attempts to predict sequential data (more memory-intensive)

    Connection Phase Flowchart

    Diagram labels: phases Dead, Establish, Authenticate, Network, Terminate; transitions Auth Required, No Auth, Success, Failure, Admin Shutdown

    PPP Connection Example

    LCP Configuration Request
    LCP Configuration Ack
    CHAP Challenge
    CHAP Response
    CHAP Success
    IP Control Configuration Request
    IP Control Configuration Ack
    CDP Control Configuration Request
    CDP Control Configuration Ack

    General PPP Configuration

    ! Configure a peer account if authentication will be used
    username peer-hostname password password
    ! Configure a local IP address pool if needed
    ip local pool name first-IP last-IP
    interface Serial0/0
     ! Enable PPP encapsulation
     encapsulation ppp
     ! Enable CHAP and/or PAP for authentication
     ppp authentication { chap | pap } [ chap | pap ]
     ! Enable compression
     compress { predictor | stac }
     ! Enable peer IP address assignment (server side)
     peer default ip address { pool name | IP-address }
     ! Enable IP address negotiation (client side)
     ip address negotiated

    Multilink PPP Configuration

    ! Create the multilink interface
    interface Multilink1
     ip address IP-address subnet-mask
     ppp multilink group group
    ! Assign physical interfaces to the multilink group
    interface Serial0/0
     encapsulation ppp
     ppp multilink group group

    Troubleshooting

    show ppp multilink
    debug ppp authentication
    debug ppp { negotiation | packet }


    QUALITY OF SERVICE PART 1

    Quality of Service Models

    Best Effort: No QoS policies are implemented

    Integrated Services (IntServ): Resource Reservation Protocol (RSVP) is used to reserve bandwidth per-flow across all nodes in a path

    Differentiated Services (DiffServ): Packets are individually classified and marked; policy decisions are made independently by each node in a path

    Layer 2 QoS Markings

    Medium         Name                        Type
    Ethernet       Class of Service (CoS)      3-bit 802.1p field in 802.1Q header
    Frame Relay    Discard Eligibility (DE)    1-bit drop eligibility flag
    ATM            Cell Loss Priority (CLP)    1-bit drop eligibility flag
    MPLS           Traffic Class (TC)          3-bit field compatible with 802.1p

    IP QoS Markings

    IP Precedence: The first three bits of the IP TOS field; limited to 8 traffic classes

    Differentiated Services Code Point (DSCP): The first six bits of the IP TOS are evaluated to provide more granular classification; backward-compatible with IP Precedence

    IP Type of Service (TOS)

    Diagram labels: Ver, HL, TOS, Len; Precedence and DSCP within the TOS field

    Precedence/DSCP

    Binary    DSCP            Prec
    111000    56  Reserved    7
    110000    48  Reserved    6
    101110    46  EF          5
    100000    32  CS4         4
    100010    34  AF41        4
    100100    36  AF42        4
    100110    38  AF43        4
    011000    24  CS3         3
    011010    26  AF31        3
    011100    28  AF32        3
    011110    30  AF33        3
    010000    16  CS2         2
    010010    18  AF21        2
    010100    20  AF22        2
    010110    22  AF23        2
    001000    8   CS1         1
    001010    10  AF11        1
    001100    12  AF12        1
    001110    14  AF13        1
    000000    0   BE          0

    QoS Flowchart

    Diagram labels: HW Queue Full? (No / Yes), Queuing Decision, Software Queue (three shown), Scheduler, Hardware Queue

    Terminology

    Per-Hop Behavior (PHB): The individual QoS action performed at each independent DiffServ node

    Trust Boundary: Beyond this, inbound QoS markings are not trusted

    Tail Drop: Occurs when a packet is dropped because a queue is full

    Policing: Imposes an artificial ceiling on the amount of bandwidth that may be consumed; traffic exceeding the policer rate is reclassified or dropped

    Shaping: Similar to policing but buffers excess traffic for delayed transmission; makes more efficient use of bandwidth but introduces a delay

    TCP Synchronization: Flows adjust TCP window sizes in synch, making inefficient use of a link

    DSCP Per-Hop Behaviors

    Class Selector (CS): Backward-compatible with IP Precedence values

    Assured Forwarding (AF): Four classes with variable drop preferences

    Expedited Forwarding (EF): Priority queuing for delay-sensitive traffic

    Congestion Avoidance

    Random Early Detection (RED): Packets are randomly dropped before a queue is full to prevent drop; mitigates TCP synchronization

    Weighted RED (WRED): RED with the added capability of recognizing prioritized traffic based on its marking

    Class-Based WRED (CBWRED): WRED employed inside a class-based WFQ (CBWFQ) queue


    QUALITY OF SERVICE PART 2

    Queuing Comparison

                                  FIFO         PQ           CQ
    Default on Interfaces         >2 Mbps      No           No
    Number of Queues              1            4            Configured
    Configurable Classes          No           Yes          Yes
    Bandwidth Allocation          Automatic    Automatic    Configured
    Provides for Minimal Delay    No           Yes          No
    Modern Implementation         Yes          No           No

    2 Mbps) interfaces

    Configurable with the tx-ring-limit interface config command

    Provides four static queues which cannot be reconfigured

    Higher-priority queues are always emptied before lower-priority queues

    Lower-priority queues are at risk of bandwidth starvation

    Rotates through queues using Weighted Round Robin (WRR)

    Processes a configurable number of bytes from each queue per turn

    Prevents queue starvation but does not provide for delay-sensitive traffic

    Queues are dynamically created per flow to ensure fair processing

    Statistically drops packets from aggressive flows more often

    No support for delay-sensitive traffic

    Class-Based WFQ (CBWFQ)

    WFQ with administratively configured queues

    Each queue is allocated an amount/percentage of bandwidth

    No support for delay-sensitive traffic

    Low Latency Queuing (LLQ)

    CBWFQ with the addition of a policed strict-priority queue

    Highly configurable while still supporting delay-sensitive traffic

    Diagram: Flow 1, Flow 2, ... Flow n -> Hardware Queue

    Diagram: Queue A (500 B/cycle), Queue B (4500 B/cycle), Queue C (1500 B/cycle) -> Hardware Queue

    Diagram: Queue A (512 Kbps Min), Queue B (1024 Kbps Min), Default (Remainder) -> Hardware Queue

    Diagram: Priority (512 Kbps Max), Queue A (512 Kbps Min), Queue B (1024 Kbps Min), Default (Remainder) -> Hardware Queue

    Show mls qos


    SPANNING TREE PART 1

    BPDU Format

    Field             Bits
    Protocol ID       16
    Version           8
    BPDU Type         8
    Flags             8
    Root ID           64
    Root Path Cost    32
    Bridge ID         64
    Port ID           16
    Message Age       16
    Max Age           16
    Hello Time        16
    Forward Delay     16

    Spanning Tree Protocols

                  Legacy STP     PVST          PVST+          RSTP                   RPVST+         MST
    Algorithm     Legacy STP     Legacy STP    Legacy STP     Rapid STP              Rapid STP      Rapid STP
    Defined By    802.1D-1998    Cisco         Cisco          802.1w, 802.1D-2004    Cisco          802.1s, 802.1Q-2003
    Instances     1              Per VLAN      Per VLAN       1                      Per VLAN       Configurable
    Trunking      N/A            ISL           802.1Q, ISL    N/A                    802.1Q, ISL    802.1Q, ISL

    Spanning Tree Instance Comparison

    Diagrams: STP (switches A, B, C; one root for all VLANs), PVST+ (VLAN 1, 10, 20, 30; VLAN 1,10 root and VLAN 20,30 root), MST (MSTI 0 root and MSTI 1 root)

    Spanning Tree Specifications

    Diagram labels: 802.1D-1998, 802.1w, 802.1s, 802.1D-2004, 802.1Q-1998, 802.1Q-2003, 802.1Q-2005, ISL, PVST, PVST+, RPVST+

    IEEE 802.1D-1998    Deprecated legacy STP standard
    IEEE 802.1w         Introduced RSTP
    IEEE 802.1D-2004    Replaced legacy STP with RSTP
    IEEE 802.1s         Introduced MST
    IEEE 802.1Q-2003    Added MST to 802.1Q
    IEEE 802.1Q-2005    Most recent 802.1Q revision
    PVST                Per-VLAN implementation of legacy STP
    PVST+               Added 802.1Q trunking to PVST
    RPVST+              Per-VLAN implementation of RSTP

    Link Costs

    Bandwidth    Cost
    4 Mbps       250
    10 Mbps      100
    16 Mbps      62
    45 Mbps      39
    100 Mbps     19
    155 Mbps     14
    622 Mbps     6
    1 Gbps       4
    10 Gbps      2
    20+ Gbps     1

    Default Timers

    Hello            2s
    Forward Delay    15s
    Max Age          20s

    Port States

    Legacy STP    Rapid STP
    Disabled      Discarding
    Blocking      Discarding
    Listening     Discarding
    Learning      Learning
    Forwarding    Forwarding

    Port Roles

    Legacy STP    Rapid STP
    Root          Root
    Designated    Designated
    Blocking      Alternate, Backup

    Spanning Tree Operation

    1    Determine root bridge: The bridge advertising the lowest bridge ID becomes the root bridge
    2    Select root port: Each bridge selects its primary port facing the root
    3    Select designated ports: One designated port is selected per segment
    4    Block ports with loops: All non-root and non-designated ports are blocked


    SPANNING TREE PART 2

    PVST+ and RPVST+ Configuration

    spanning-tree mode {pvst | rapid-pvst}
    ! Bridge priority
    spanning-tree vlan 1-4094 priority 32768
    ! Timers, in seconds
    spanning-tree vlan 1-4094 hello-time 2
    spanning-tree vlan 1-4094 forward-time 15
    spanning-tree vlan 1-4094 max-age 20
    ! PVST+ Enhancements
    spanning-tree backbonefast
    spanning-tree uplinkfast
    ! Interface attributes
    interface FastEthernet0/1
     spanning-tree [vlan 1-4094] port-priority 128
     spanning-tree [vlan 1-4094] cost 19
     ! Manual link type specification
     spanning-tree link-type {point-to-point | shared}
     ! Enables PortFast if running PVST+, or
     ! designates an edge port under RPVST+
     spanning-tree portfast
     ! Spanning tree protection
     spanning-tree guard {loop | root | none}
     ! Per-interface toggling
     spanning-tree bpduguard enable
     spanning-tree bpdufilter enable

    MST Configuration

    spanning-tree mode mst
    ! MST Configuration
    spanning-tree mst configuration
     name MyTree
     revision 1
     ! Map VLANs to instances
     instance 1 vlan 20, 30
     instance 2 vlan 40, 50
    ! Bridge priority (per instance)
    spanning-tree mst 1 priority 32768
    ! Timers, in seconds
    spanning-tree mst hello-time 2
    spanning-tree mst forward-time 15
    spanning-tree mst max-age 20
    ! Maximum hops for BPDUs
    spanning-tree mst max-hops 20
    ! Interface attributes
    interface FastEthernet0/1
     spanning-tree mst 1 port-priority 128
     spanning-tree mst 1 cost 19

    Bridge ID Format

    Pri (4 bits) | Sys ID Ext (12 bits) | MAC Address (48 bits)

    Priority: 4-bit bridge priority (configurable from 0 to 61440 in increments of 4096)

    System ID Extension: 12-bit value taken from VLAN number (IEEE 802.1t)

    MAC Address: 48-bit unique identifier

    Path Selection

    1    Bridge with lowest root ID becomes the root
    2    Prefer the neighbor with the lowest cost to root
    3    Prefer the neighbor with the lowest bridge ID
    4    Prefer the lowest sender port ID

    Optional PVST+ Enhancements

    PortFast: Enables immediate transition into the forwarding state (designates edge ports under MST)

    UplinkFast: Enables switches to maintain backup paths to root

    BackboneFast: Enables immediate expiration of the Max Age timer in the event of an indirect link failure

    Spanning Tree Protection

    Root Guard: Prevents a port from becoming the root port

    BPDU Guard: Error-disables a port if a BPDU is received

    Loop Guard: Prevents a blocked port from transitioning to listening after the Max Age timer has expired

    BPDU Filter: Blocks BPDUs on an interface (disables STP)

    RSTP Link Types

    Point-to-Point: Connects to exactly one other bridge (full duplex)

    Shared: Potentially connects to multiple bridges (half duplex)

    Edge: Connects to a single host; designated by PortFast

    Troubleshooting

    show spanning-tree [summary | detail | root]
    show spanning-tree [interface | vlan]
    show spanning-tree mst []


    Command Line Options

    -A Print frame payload in ASCII

    -c Exit after capturing count packets

    -D List available interfaces

    -e Print link-level headers

    -F Use file as the filter expression

    -G Rotate the dump file every n seconds

    -i Specifies the capture interface

    -K Don't verify TCP checksums

    -L List data link types for the interface

    -n Don't convert addresses to names

    -p Don't capture in promiscuous mode

    -q Quick output

    -r Read packets from file

    -s Capture up to len bytes per packet

    -S Print absolute TCP sequence numbers

    -t Don't print timestamps

    -v[v[v]] Print more verbose output

    -w Write captured packets to file

    -x Print frame payload in hex

    -X Print frame payload in hex and ASCII

    -y Specify the data link type

    -Z Drop privileges from root to user

    Capture Filter Primitives

    [src|dst] host Matches a host as the IP source, destination, or either

    ether [src|dst] host Matches a host as the Ethernet source, destination, or either

    gateway host Matches packets which used host as a gateway

    [src|dst] net / Matches packets to or from an endpoint residing in network

    [tcp|udp] [src|dst] port Matches TCP or UDP packets sent to/from port

    [tcp|udp] [src|dst] portrange - Matches TCP or UDP packets to/from a port in the given rang

    less Matches packets less than or equal to length

    greater Matches packets greater than or equal to length

    (ether|ip|ip6) proto Matches an Ethernet, IPv4, or IPv6 protocol

    (ether|ip) broadcast Matches Ethernet or IPv4 broadcasts

    (ether|ip|ip6) multicast Matches Ethernet, IPv4, or IPv6 multicasts

    type (mgt|ctl|data) [subtype ] Matches 802.11 frames based on type and optional subtype

    vlan [] Matches 802.1Q frames, optionally with a VLAN ID of vlan

    mpls [] Matches MPLS packets, optionally with a label of label

    Matches packets by an arbitrary expression

    Protocols

    arp ether fddi icmp ip

    ip6 link ppp radio rarp

    slip tcp tr udp wlan

    TCP Flags

    tcp-urg tcp-rst

    tcp-ack tcp-syn

    tcp-psh tcp-fin

    Modifiers

    ! or not

    && or and

    || or or

    Examples

    udp dst port not 53    UDP not bound for port 53

    host 10.0.0.1 && host 10.0.0.2    Traffic between these hosts

    tcp dst port 80 or 8080    Packets to either TCP port

    ICMP Types

    icmp-echoreply icmp-routeradvert icmp-tstampreply

    icmp-unreach icmp-routersolicit icmp-ireq

    icmp-sourcequench icmp-timxceed icmp-ireqreply

    icmp-redirect icmp-paramprob icmp-maskreq

    icmp-echo icmp-tstamp icmp-maskreply

    TCPDUMP


    VLANS

    VLAN Creation

    Switch(config)# vlan 100
    Switch(config-vlan)# name Engineering

    VLAN Numbers

    0 Reserved
    1 default
    1002 fddi-default
    1003 tr
    1004 fdnet
    1005 trnet
    1006-4094 Extended
    4095 Reserved

    Terminology

    Trunking: Carrying multiple VLANs over the same physical connection

    Native VLAN: By default, frames in this VLAN are untagged when sent across a trunk

    Access VLAN: The VLAN to which an access port is assigned

    Voice VLAN: If configured, enables minimal trunking to support voice traffic in addition to data traffic on an access port

    Dynamic Trunking Protocol (DTP): Can be used to automatically establish trunks between capable ports (insecure)

    Switched Virtual Interface (SVI): A virtual interface which provides a routed gateway into and out of a VLAN

    Troubleshooting

    show vlan
    show interface [status | switchport]
    show interface trunk
    show vtp status
    show vtp password

    Access Port Configuration

    Switch(config-if)# switchport mode access
    Switch(config-if)# switchport nonegotiate
    Switch(config-if)# switchport access vlan 100
    Switch(config-if)# switchport voice vlan 150

    Trunk Port Configuration

    Switch(config-if)# switchport mode trunk
    Switch(config-if)# switchport trunk encapsulation dot1q
    Switch(config-if)# switchport trunk allowed vlan 10,20-30
    Switch(config-if)# switchport trunk native vlan 10

    SVI Configuration

    Switch(config)# interface vlan100
    Switch(config-if)# ip address 192.168.100.1 255.255.255.0

    Trunk Types

                     ISL        802.1Q
    Header Size      26 bytes   4 bytes
    Trailer Size     4 bytes    N/A
    Standard         Cisco      IEEE
    Maximum VLANs    1000       4094

    Trunk Encapsulation (field sizes in bytes)

    ISL:       ISL Header (26) | Dest MAC (6) | Source MAC (6) | Type (2) | FCS (4)
    802.1Q:    Dest MAC (6) | Source MAC (6) | 802.1Q (4) | Type (2)
    Untagged:  Dest MAC | Source MAC | Type
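    The 802.1Q and untagged layouts in the Trunk Encapsulation diagram, decoded in Python as an added example (not part of the original cheat sheet). The function names and test frames are constructed for illustration; the decoded tag fields correspond to the vlan.priority, vlan.cfi and vlan.id display filters, and ISL is not handled.

```python
import struct

TPID_8021Q = 0x8100         # EtherType value that announces an 802.1Q tag
RESERVED_VLANS = {0, 4095}  # marked Reserved in the VLAN Numbers table

def parse_ethernet_header(frame: bytes) -> dict:
    """Decode Dest MAC, Source MAC, one optional 802.1Q tag, and Type."""
    if len(frame) < 14:
        raise ValueError("shorter than an untagged header (6 + 6 + 2 bytes)")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    hdr = {"dst": dst.hex(":"), "src": src.hex(":"), "tagged": False,
           "vlan": None, "priority": None, "cfi": None, "header_len": 14}
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("802.1Q tag present but header is truncated")
        # The 4-byte tag is the TPID just read plus a 16-bit TCI:
        # 3 bits priority, 1 bit CFI, 12 bits VLAN ID.
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        hdr.update(tagged=True, priority=tci >> 13, cfi=(tci >> 12) & 1,
                   vlan=tci & 0x0FFF, header_len=18)
        hdr["reserved_vlan"] = hdr["vlan"] in RESERVED_VLANS
    hdr["type"] = ethertype
    return hdr

def build_frame(vlan=None, priority=0, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed test frame; vlan=None yields an untagged frame."""
    macs = bytes.fromhex("ffffffffffff") + bytes.fromhex("001122334455")
    tag = b"" if vlan is None else struct.pack(
        "!HH", TPID_8021Q, (priority << 13) | vlan)
    return macs + tag + struct.pack("!H", ethertype) + payload
```

    On a trunk, a frame that parses as untagged belongs to the native VLAN, which is why header_len differs by exactly the 4-byte tag.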

    Switch Port Modes

    trunk: Forms an unconditional trunk

    dynamic desirable: Attempts to negotiate a trunk with the far end

    dynamic auto: Forms a trunk only if requested by the far end

    access: Will never form a trunk
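    Because the dynamic modes let DTP bring up a trunk, a configuration review should flag every port that can still negotiate one. The following Python audit is an added example, not part of the original cheat sheet; the sample configuration, the function names and the default_mode value (the mode of a port with no explicit switchport mode line varies by platform) are assumptions.

```python
import re

# Constructed sample configuration (not from the cheat sheet).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport nonegotiate
!
interface FastEthernet0/2
 switchport mode dynamic desirable
!
interface FastEthernet0/3
 switchport access vlan 100
!
interface GigabitEthernet0/1
 switchport mode trunk
!
interface Vlan100
 ip address 192.168.100.1 255.255.255.0
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface\s+(\S+)", line)
        if header:
            current = interfaces.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(" ".join(line.split()))
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces

def audit_dtp(config, default_mode="dynamic auto"):
    """Classify switch ports; default_mode is a platform-dependent assumption."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if name.lower().startswith("vlan") or "no switchport" in cmds:
            continue  # SVIs and routed ports are not switch ports
        modes = [c.split(" ", 2)[2] for c in cmds if c.startswith("switchport mode ")]
        mode = modes[-1] if modes else default_mode
        if mode.startswith("dynamic"):
            findings[name] = f"FAIL: {mode} lets the far end negotiate a trunk"
        elif "switchport nonegotiate" not in cmds:
            findings[name] = f"WARN: {mode} port without 'switchport nonegotiate'"
        else:
            findings[name] = f"OK: {mode} with DTP disabled"
    return findings
```

    FastEthernet0/3 fails only because no mode is configured, which is the case a line-by-line search for "dynamic" would miss.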

    VLAN Trunking Protocol (VTP)

    Domain: Common to all switches participating in VTP

    Server Mode: Generates and propagates VTP advertisements to clients; default mode on unconfigured switches

    Client Mode: Receives and forwards advertisements from servers; VLANs cannot be manually configured on switches in client mode

    Transparent Mode: Forwards advertisements but does not participate in VTP; VLANs must be configured manually

    Pruning: VLANs not having any access ports on an end switch are removed from the trunk to reduce flooded traffic

    VTP Configuration

    Switch(config)# vtp mode {server | client | transparent}
    Switch(config)# vtp domain
    Switch(config)# vtp password
    Switch(config)# vtp version {1 | 2}
    Switch(config)# vtp pruning


    WIRESHARK DISPLAY FILTERS PART 1

    Ethernet

    eth.addr    eth.len          eth.src
    eth.dst     eth.lg           eth.trailer
    eth.ig      eth.multicast    eth.type

    IEEE 802.1Q

    vlan.cfi      vlan.id     vlan.priority
    vlan.etype    vlan.len    vlan.trailer

    IPv4

    ip.addr                      ip.fragment.overlap.conflict
    ip.checksum                  ip.fragment.toolongfragment
    ip.checksum_bad              ip.fragments
    ip.checksum_good             ip.hdr_len
    ip.dsfield                   ip.host
    ip.dsfield.ce                ip.id
    ip.dsfield.dscp              ip.len
    ip.dsfield.ect               ip.proto
    ip.dst                       ip.reassembled_in
    ip.dst_host                  ip.src
    ip.flags                     ip.src_host
    ip.flags.df                  ip.tos
    ip.flags.mf                  ip.tos.cost
    ip.flags.rb                  ip.tos.delay
    ip.frag_offset               ip.tos.precedence
    ip.fragment                  ip.tos.reliability
    ip.fragment.error            ip.tos.throughput
    ip.fragment.multipletails    ip.ttl
    ip.fragment.overlap          ip.version

    IPv6

    ipv6.addr                         ipv6.hop_opt
    ipv6.class                        ipv6.host
    ipv6.dst                          ipv6.mipv6_home_address
    ipv6.dst_host                     ipv6.mipv6_length
    ipv6.dst_opt                      ipv6.mipv6_type
    ipv6.flow                         ipv6.nxt
    ipv6.fragment                     ipv6.opt.pad1
    ipv6.fragment.error               ipv6.opt.padn
    ipv6.fragment.more                ipv6.plen
    ipv6.fragment.multipletails       ipv6.reassembled_in
    ipv6.fragment.offset              ipv6.routing_hdr
    ipv6.fragment.overlap             ipv6.routing_hdr.addr
    ipv6.fragment.overlap.conflict    ipv6.routing_hdr.left
    ipv6.fragment.toolongfragment     ipv6.routing_hdr.type
    ipv6.fragments                    ipv6.src
    ipv6.fragment.id                  ipv6.src_host
    ipv6.hlim                         ipv6.version

    ARP

    arp.dst.hw_mac        arp.proto.size
    arp.dst.proto_ipv4    arp.proto.type
    arp.hw.size           arp.src.hw_mac
    arp.hw.type           arp.src.proto_ipv4
    arp.opcode

    TCP

    tcp.ack                   tcp.options.qs
    tcp.checksum              tcp.options.sack
    tcp.checksum_bad          tcp.options.sack_le
    tcp.checksum_good         tcp.options.sack_perm
    tcp.continuation_to       tcp.options.sack_re
    tcp.dstport               tcp.options.time_stamp
    tcp.flags                 tcp.options.wscale
    tcp.flags.ack             tcp.options.wscale_val
    tcp.flags.cwr             tcp.pdu.last_frame
    tcp.flags.ecn             tcp.pdu.size
    tcp.flags.fin             tcp.pdu.time
    tcp.flags.push            tcp.port
    tcp.flags.reset           tcp.reassembled_in
    tcp.flags.syn             tcp.segment
    tcp.flags.urg             tcp.segment.error
    tcp.hdr_len               tcp.segment.multipletail
    tcp.len                   tcp.segment.overlap
    tcp.nxtseq                tcp.segment.overlap.conflict
    tcp.options               tcp.segment.toolongfragm
    tcp.options.cc            tcp.segments
    tcp.options.ccecho        tcp.seq
    tcp.options.ccnew         tcp.srcport
    tcp.options.echo          tcp.time_delta
    tcp.options.echo_reply    tcp.time_relative
    tcp.options.md5           tcp.urgent_pointer
    tcp.options.mss           tcp.window_size
    tcp.options.mss_val

    UDP

    udp.checksum         udp.dstport    udp.srcport
    udp.checksum_bad     udp.length
    udp.checksum_good    udp.port

    Operators

    eq or ==
    ne or !=
    gt or >
    lt or <
    ge or >=
    le or <=


    WIRESHARK DISPLAY FILTERS PART 2

    Frame Relay

    fr.becn                       fr.de
    fr.chdlctype                  fr.dlci
    fr.control                    fr.dlcore_control
    fr.control.f                  fr.ea
    fr.control.ftype              fr.fecn
    fr.control.n_r                fr.lower_dlci
    fr.control.n_s                fr.nlpid
    fr.control.p                  fr.second_dlci
    fr.control.s_ftype            fr.snap.oui
    fr.control.u_modifier_cmd     fr.snap.pid
    fr.control.u_modifier_resp    fr.snaptype
    fr.cr                         fr.third_dlci
    fr.dc                         fr.upper_dlci

    ICMPv6

    icmpv6.all_comp

    icmpv6.checksum

    icmpv6.option.name_type.fq

    icmpv6.option.name_x501

    icmpv6.checksum_bad

    icmpv6.code

    icmpv6.option.rsa.key_ha

    icmpv6.option.type

    icmpv6.comp

    icmpv6.haad.ha_addrs

    icmpv6.ra.cur_hop_limit

    icmpv6.ra.reachable_time

    icmpv6.identifier

    icmpv6.option

    icmpv6.ra.retrans_timer

    icmpv6.ra.router_lifetim

    icmpv6.option.cga

    icmpv6.option.length

    icmpv6.recursive_dns_se

    icmpv6.type

    icmpv6.option.name_type

    BGP

    bgp.aggregator_as         bgp.mp_reach_nlri_ipv4_pref
    bgp.aggregator_origin     bgp.mp_unreach_nlri_ipv4_pre
    bgp.as_path               bgp.multi_exit_disc
    bgp.cluster_identifier    bgp.next_hop
    bgp.cluster_list          bgp.nlri_prefix
    bgp.community_as          bgp.origin
    bgp.community_value       bgp.originator_id
    bgp.local_pref            bgp.type
    bgp.mp_nlri_tnl_id        bgp.withdrawn_prefix

    HTTP

    http.accept              http.proxy_authorizatio
    http.accept_encoding     http.proxy_connect_host
    http.accept_language     http.proxy_connect_port
    http.authbasic           http.referer
    http.authorization       http.request
    http.cache_control       http.request.method
    http.connection          http.request.uri
    http.content_encoding    http.request.version
    http.content_length      http.response
    http.content_type        http.response.code
    http.cookie              http.server
    http.date                http.set_cookie
    http.host                http.transfer_encoding
    http.last_modified       http.user_agent
    http.location            http.www_authenticate

    PPP

    ppp.address    ppp.direction
    ppp.control    ppp.protocol

    RIP

    rip.auth.passwd    rip.ip         rip.route_tag
    rip.auth.type      rip.metric     rip.routing_doma
    rip.command        rip.netmask    rip.version
    rip.family         rip.next_hop

    MPLS

    mpls.bottom        mpls.oam.defect_location
    mpls.cw.control    mpls.oam.defect_type
    mpls.cw.res        mpls.oam.frequency
    mpls.exp           mpls.oam.function_type
    mpls.label         mpls.oam.ttsi
    mpls.oam.bip16     mpls.ttl

    ICMP

    icmp.checksum        icmp.ident       icmp.seq
    icmp.checksum_bad    icmp.mtu         icmp.type
    icmp.code            icmp.redir_gw

    DTP

    dtp.neighbor    dtp.tlv_type    vtp.neighbor
    dtp.tlv_len     dtp.version

    VTP

    vtp.code            vtp.vlan_info.802_10_index
    vtp.conf_rev_num    vtp.vlan_info.isl_vlan_id
    vtp.followers       vtp.vlan_info.len
    vtp.md              vtp.vlan_info.mtu_size
    vtp.md5_digest      vtp.vlan_info.status.vlan_susp
    vtp.md_len          vtp.vlan_info.tlv_len
    vtp.seq_num         vtp.vlan_info.tlv_type
    vtp.start_value     vtp.vlan_info.vlan_name
    vtp.upd_id          vtp.vlan_info.vlan_name_len
    vtp.upd_ts          vtp.vlan_info.vlan_type